Server port configuration

State-owned enterprises do not do much, but to be honest, the management of state-owned enterprises is still very good.
China Unicom is not a state-owned enterprise, so their IDC hosting equipment rooms are ..., it is also a value-added service. In fact, it is a money fraud service that does not even have a physical firewall. the servers in it are also subject to message harassment from time to time, the server IDC hosting of the Chongqing Unicom data center may be the best broken IDC in China. There was a problem at the second and second ends, and the server was still made into a meat machine. After investigation, the machines in the IDC were also faulty. After investigation, others were also made into a meat machine, it was also used as a stepping stone. Alas, value-added money fraud zone.

Therefore, you cannot use a method that is not commonly used for server management. You only need to seal the port by yourself. In the TCP/IP attribute, select the last item in the advanced configuration. The port configuration options are added, which are divided into three port configurations: TCP, UDP, and IP.
This is mainly about TCP. UDP is relatively safer, because it can only send messages to you and will not receive your response message. At most, let your database act as a machine or something, it will be restored in a short time. Alas, poor, I have to pay tens of thousands of license fees, and I have to configure it myself. If someone else moves anything, I will seal the port well. There is no problem again.

Let's go further. Let's talk about the TCP port. First, the default TCP configuration here is full-open port. Let's choose which port to open only, then configure the port to be opened.

80. This port should be opened in general, because your server will usually have websites. Otherwise, you will not have an ICP certificate. You will have to have it if you need an ICP certificate.
21. If this is not enabled, check whether you have obtained the FTP server.
1433. This is the port of the SQL database and can be opened if SQL is available. Of course, if the remote program does not directly access the database, this can also be disabled. Because this port configuration method only configures the NIC, that is to say, it is ineffective to directly access the local port on the local machine.
3389. This is the port of WINODWS Remote Desktop. Some people say it is insecure. As long as you have a good password and account policy, you are not afraid. I personally think this remote control is the fastest way. It is very fast, and some pc anywhere cannot be connected at all, which can also be well controlled. It feels like a local machine.
5631. This is the port of pc anywhere, and everyone understands it.

The advantage of using this configuration method is that even if the port is not opened, it will not affect the operation on the machine.
135,139,445 these dangerous ports can be disabled, and can be used on the local machine. Remote Access will not work. Safe!